RFSAM organises RF security on two axes. Every check is a procedure, indexed by the protocol it applies to and by the layer of the assessment it belongs to — so, facing an unknown signal or device, you always have a place to start and a way to know what you've covered. It's a north, not a new attack: it ties OSSTMM, BSAM and the SDR-pentest lineage into one navigable reference across 15 technologies.
An assessment runs top-down through six layers — from the open air to what the device trusts — preceded by a pre-descent information-gathering pass. The Wayfinder walks you down it per technology; the procedures verify each floor.
Each procedure is identified as RFSAM-<PROTOCOL>-<LAYER>-NN (e.g. RFSAM-BLE-AT-01) — its protocol × layer coordinates — and follows a fixed shape: an objective (the one thing it verifies), a numbered method with real commands, a field case with real data, the known attacks with citations, and layered remediation. Every nontrivial claim carries a resolvable source; anything unverified is flagged, not asserted. Each procedure is rated:
Have a device and don't know where to start? Pick a technology and get the exact hardware + software kit for each step of the descent — an action-first interactive map.
The reference body: the numbered, cited verification procedures — objective, method, field case, known attacks, remediation — you run during, and cite in, an assessment.
RFSAM isn't a claim to have invented RF security — OSSTMM defines a spectrum-security channel, BSAM (Tarlogic) is the mature Bluetooth reference, the SDR-pentest lineage (Ossmann, Black Hat 2008; Picod et al., Black Hat 2014) built the practical tooling, and a deep body of academic RF threat taxonomies exists. What's missing is a single oriented reference that ties that landscape together into something a practitioner can navigate by, end to end, across protocols. RFSAM's purpose is to be that north: structured, numbered procedures with real commands and worked examples, so someone facing an unknown signal has a place to start and a way to know what they've covered.
RFSAM is complementary to Tarlogic's BSAM, not a replacement. BSAM is an excellent, mature methodology for Bluetooth — but it begins at the link layer and is Bluetooth-only. RFSAM owns the two floors below that (Spectrum and Signal/PHY) for every protocol, and extends to LoRa/LoRaWAN and LTE, which BSAM does not cover. For Bluetooth at the link layer and above — discovery data, pairing, authentication, encryption, services, application — RFSAM defers to BSAM: its RFSAM-BLE procedures at those layers describe only the RF-capture prerequisite needed to reach the point where the corresponding BSAM control applies, then cite that control directly.
Tarlogic BSAM — where BSAM owns a layer (Bluetooth, link-and-above), the BLE procedures defer to it and add only the RF-capture prerequisite, citing the specific BSAM control they hand off to.